====== Diagnose And Address Routine Selinux Policy Violations ======

**General Information**

Troubleshooting SELinux. 

----

===== General SELinux Troubleshooting =====

SELinux Audit Log file
  * /var/log/audit/audit.log
  * SELinux entries are of type "AVC"<code bash>grep AVC /var/log/audit/audit.log</code>

\\
Install SELinux Troubleshooter
<code bash>
yum install setroubleshoot-server
</code>
  * Once installed, easier to understand log entries are made to /var/log/messages with tips on how to fix any possible issues.

\\
Scan Audit Log for Alerts
<code bash>
sealert -a /var/log/audit/audit.log
</code>
  * Analyzes the audit.log file and provides suggestions on how to fix issues.
  * You may need to pipe to 'less' to read the entire message

**Other Tips**
  * Always check selinux status: getenforce
  * Set permissive temporarily to see if selinux is the issue: setenforce 0
  * Change back when done to fix the underlying issue: setenforce 1

----